Route Origin Authorization

$ rpki-client -vvf repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/3130332e35322e3231322e302f32342d3234203d3e20313531353932.roa
File:                     3130332e35322e3231322e302f32342d3234203d3e20313531353932.roa (raw, json)
Hash identifier:          9JDBXYlD9SqW2BMyADf7uhmLucs+uFWH56a3wjHsOJc=
Subject key identifier:   3D:3B:15:D6:70:CC:D9:0B:92:A2:86:28:5D:9A:D2:40:79:7C:4A:C5
Certificate issuer:       /CN=121FC37C40B5B0AFD8F88B57216FD43E29D11E1C
Certificate serial:       359BE5BBE7A92FD0FDA904400BA623F1B4758EB2
Authority key identifier: 12:1F:C3:7C:40:B5:B0:AF:D8:F8:8B:57:21:6F:D4:3E:29:D1:1E:1C
Authority info access:    rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.cer
Subject info access:      rsync://repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/3130332e35322e3231322e302f32342d3234203d3e20313531353932.roa
Signing time:             Thu 09 Oct 2025 12:02:28 +0000
ROA not before:           Thu 09 Oct 2025 11:57:28 +0000
ROA not after:            Thu 08 Oct 2026 12:02:28 +0000
asID:                     151592
IP address blocks:        103.52.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.crl
                          rsync://repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.mft
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.cer
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.crl
                          rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/BA8F77D21E58FE9C939A6B70E2585617E183376B.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/uo930h5Y_pyTmmtw4lhWF-GDN2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Oct 2025 00:19:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            35:9b:e5:bb:e7:a9:2f:d0:fd:a9:04:40:0b:a6:23:f1:b4:75:8e:b2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=121FC37C40B5B0AFD8F88B57216FD43E29D11E1C
        Validity
            Not Before: Oct  9 11:57:28 2025 GMT
            Not After : Oct  8 12:02:28 2026 GMT
        Subject: CN=3D3B15D670CCD90B92A286285D9AD240797C4AC5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:05:51:3b:91:b0:f0:3c:af:ca:ac:f9:cc:c1:
                    fc:e9:f2:5c:71:3e:d9:27:4b:be:6c:4b:c1:10:17:
                    a1:a2:bc:59:09:32:e9:23:7f:d0:5c:df:45:ca:23:
                    f0:8e:22:60:1e:75:10:81:8f:fb:fd:0b:31:6b:cd:
                    8b:54:fb:ba:58:0f:94:fa:4f:5b:71:99:fe:df:9d:
                    70:fe:c5:a9:4b:24:5d:d2:35:92:3e:f7:8b:3a:8d:
                    58:26:d7:63:37:e1:27:8b:eb:c4:db:3b:66:08:b5:
                    d4:26:a6:03:fb:e3:e3:9a:7a:59:3b:a6:14:c0:3f:
                    55:92:1c:40:ed:cc:c0:61:5a:60:8a:e2:e5:04:74:
                    6b:29:53:25:21:5d:b6:98:27:e4:55:0b:b7:9a:0a:
                    78:6a:c2:9a:6f:48:4d:da:4d:e7:3d:33:91:dd:3d:
                    2a:d2:04:ff:3f:c5:86:7c:72:95:a5:aa:9f:6a:78:
                    3d:a6:2b:1d:de:fa:c4:03:2d:24:10:6b:1a:52:21:
                    58:4b:5d:dd:97:e8:e0:1d:f5:da:d4:e4:ea:e4:de:
                    03:98:6f:fd:4a:5b:b0:4f:53:f8:d1:5a:f7:09:18:
                    94:f4:70:23:f0:93:8c:4b:a6:27:8a:63:04:fc:be:
                    58:f6:11:2b:b8:9a:36:27:19:f3:99:01:73:4d:4e:
                    17:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:3B:15:D6:70:CC:D9:0B:92:A2:86:28:5D:9A:D2:40:79:7C:4A:C5
            X509v3 Authority Key Identifier:
                keyid:12:1F:C3:7C:40:B5:B0:AF:D8:F8:8B:57:21:6F:D4:3E:29:D1:1E:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.crl

            Authority Information Access:
                CA Issuers - URI:rsync://repo-rpki.idnic.net/repo/IDNIC-ID/2/121FC37C40B5B0AFD8F88B57216FD43E29D11E1C.cer

            Subject Information Access:
                Signed Object - URI:rsync://repo-rpki.idnic.net/repo/c1f7c25b-410b-482a-9436-221ab079d368/0/3130332e35322e3231322e302f32342d3234203d3e20313531353932.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.52.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:0f:34:1c:4a:af:eb:b4:cd:e5:1a:6b:60:13:d9:16:d6:9e:
         f7:40:80:e1:1f:5b:2e:ea:64:76:83:ff:02:ac:00:a2:6e:de:
         ae:f6:e8:96:33:b1:3d:9d:1b:b2:50:0f:a0:fa:b5:b7:19:c3:
         07:76:73:8b:74:88:0c:94:f2:62:99:e3:6f:70:55:54:9e:c4:
         21:47:4d:d7:20:b2:e8:19:31:19:84:45:9a:3a:e8:ca:16:2c:
         c4:c8:87:2c:bf:75:19:21:f0:ce:d2:25:4b:c3:31:75:02:c0:
         b1:9d:93:78:2d:1c:0d:51:06:3a:9b:9b:14:d1:30:10:69:be:
         fd:2a:fc:c7:cf:06:5d:ea:6e:2d:15:7a:62:f8:dc:3b:31:35:
         83:f6:27:e7:c4:c7:1b:11:24:7a:98:03:41:1c:84:43:24:6e:
         ac:cb:28:84:c7:98:1b:a2:a9:1f:9d:c6:51:ad:df:92:68:9c:
         b6:39:60:d2:38:8e:de:cb:13:45:cf:93:a0:f5:4e:19:00:06:
         51:80:4b:68:a8:ee:0f:de:86:51:59:d9:2d:17:cc:55:26:80:
         8a:1b:98:56:eb:64:2a:3a:50:fd:f0:3a:56:47:90:0d:16:1a:
         80:87:18:96:bc:60:b2:e8:de:f2:37:45:89:af:4f:41:fd:17:
         78:44:82:fc
-----BEGIN CERTIFICATE-----
MIIFKjCCBBKgAwIBAgIUNZvlu+epL9D9qQRAC6Yj8bR1jrIwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMTIxRkMzN0M0MEI1QjBBRkQ4Rjg4QjU3MjE2RkQ0M0Uy
OUQxMUUxQzAeFw0yNTEwMDkxMTU3MjhaFw0yNjEwMDgxMjAyMjhaMDMxMTAvBgNV
BAMTKDNEM0IxNUQ2NzBDQ0Q5MEI5MkEyODYyODVEOUFEMjQwNzk3QzRBQzUwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC2BVE7kbDwPK/KrPnMwfzp8lxx
PtknS75sS8EQF6GivFkJMukjf9Bc30XKI/COImAedRCBj/v9CzFrzYtU+7pYD5T6
T1txmf7fnXD+xalLJF3SNZI+94s6jVgm12M34SeL68TbO2YItdQmpgP74+Oaelk7
phTAP1WSHEDtzMBhWmCK4uUEdGspUyUhXbaYJ+RVC7eaCnhqwppvSE3aTec9M5Hd
PSrSBP8/xYZ8cpWlqp9qeD2mKx3e+sQDLSQQaxpSIVhLXd2X6OAd9drU5Ork3gOY
b/1KW7BPU/jRWvcJGJT0cCPwk4xLpieKYwT8vlj2ESu4mjYnGfOZAXNNThdLAgMB
AAGjggI0MIICMDAdBgNVHQ4EFgQUPTsV1nDM2QuSooYoXZrSQHl8SsUwHwYDVR0j
BBgwFoAUEh/DfEC1sK/Y+ItXIW/UPinRHhwwDgYDVR0PAQH/BAQDAgeAMIGFBgNV
HR8EfjB8MHqgeKB2hnRyc3luYzovL3JlcG8tcnBraS5pZG5pYy5uZXQvcmVwby9j
MWY3YzI1Yi00MTBiLTQ4MmEtOTQzNi0yMjFhYjA3OWQzNjgvMC8xMjFGQzM3QzQw
QjVCMEFGRDhGODhCNTcyMTZGRDQzRTI5RDExRTFDLmNybDB0BggrBgEFBQcBAQRo
MGYwZAYIKwYBBQUHMAKGWHJzeW5jOi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBv
L0lETklDLUlELzIvMTIxRkMzN0M0MEI1QjBBRkQ4Rjg4QjU3MjE2RkQ0M0UyOUQx
MUUxQy5jZXIwgaQGCCsGAQUFBwELBIGXMIGUMIGRBggrBgEFBQcwC4aBhHJzeW5j
Oi8vcmVwby1ycGtpLmlkbmljLm5ldC9yZXBvL2MxZjdjMjViLTQxMGItNDgyYS05
NDM2LTIyMWFiMDc5ZDM2OC8wLzMxMzAzMzJlMzUzMjJlMzIzMTMyMmUzMDJmMzIz
NDJkMzIzNDIwM2QzZTIwMzEzNTMxMzUzOTMyLnJvYTAYBgNVHSABAf8EDjAMMAoG
CCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAZzTUMA0GCSqG
SIb3DQEBCwUAA4IBAQBVDzQcSq/rtM3lGmtgE9kW1p73QIDhH1su6mR2g/8CrACi
bt6u9uiWM7E9nRuyUA+g+rW3GcMHdnOLdIgMlPJimeNvcFVUnsQhR03XILLoGTEZ
hEWaOujKFizEyIcsv3UZIfDO0iVLwzF1AsCxnZN4LRwNUQY6m5sU0TAQab79KvzH
zwZd6m4tFXpi+Nw7MTWD9ifnxMcbESR6mANBHIRDJG6syyiEx5gboqkfncZRrd+S
aJy2OWDSOI7eyxNFz5Og9U4ZAAZRgEtoqO4P3oZRWdktF8xVJoCKG5hW62QqOlD9
8DpWR5ANFhqAhxiWvGCy6N7yN0WJr09B/Rd4RIL8
-----END CERTIFICATE-----
Generated at Mon Oct 20 10:37:51 2025 by rpki-client